Corey Benninger Max Sobell
|
|
- Shannon Adams
- 6 years ago
- Views:
Transcription
1 Corey Benninger Max Sobell
2 NFC Overview What is NFC? Hardware basics behind NFC Antennas and waveforms Tags and access control NFC Data Exchange Format (NDEF) NFC Application Attacks Privacy Mobile Wallets 2
3 RFID technology ISO :4 (13.56 MHz) Physical characteristics Radio frequency power and signal interface Initialization and anti-collision Transmission protocol No encryption or access control! Devices: Powered: PCD, interrogator, reader, device Unpowered: PICC, target, tag, transponder 3
4 4
5 RFID: 125 KHz/13.56 MHz/900 MHz NFC (what we ll be focusing on): A type of RFID Short range (induction v backscatter) Enough computational power to perform basic crypto 5
6 != Don t think of NFC like proximity cards Can mimic these, but often NFC is much more complex. 6
7 NFC enabled posters. 7
8 8
9 9
10 Phone Hardware Radio (ISO 14443) Phone OS Software Protocol: APDU, SNEP Data: NDEF Market Applications Foursquare, DoubleTwist, PayPal, Park Mobile, etc 10
11 Replace a traditional antenna with coils of wire Samsung Galaxy Nexus (in the battery) Samsung Nexus S 11
12 Energy one way, data two ways 12
13 Inductive Coupling Current device ranges severely limited (4-10 cm) Near Field: wavelength (~20m) much longer than antenna diameter Kristen Paget: 900 MHz read ranges > 66 meters That is not NFC NFC theoretically limited to ~10m 13
14 Encoding: ASK Reader -> Tag: Modified 100% ASK Tag -> Reader: 10% ASK Baudrates: 106 kbps, 212 kbps, 424 kbps, 848 kbps 14
15 15
16 Reader: 100% ASK Tag: 10% ASK 16
17 Each Tag has a UID unique identifier Serial number for card Locked on physical tags but not on a $80 Chinese-manufactured knock-off card Can be cloned using an emulated card More than just memory sectors Reader sends requests to read and write data from tag Tag can deny request based on access controls 17
18 Mifare Tags If you want access control, go with DESFire EV1 (for now) Tags Locked for Writing Access Control Broken Year Broken Ultralight Classic DESFire DESFire EV "Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World" by David Oswald and Christof Paar 18
19 Phone Hardware Radio (ISO 14443) Phone OS Software Protocol: APDU, SNEP Data: NDEF Market Applications Foursquare, DoubleTwist, PayPal, Park Mobile, etc 19
20 NDEF NFC Data Exchange Format Specs come from NFC Forum NDEF Message contains NDEF Record(s) Common record types Text URI 0x00 through 0x23 to map bytes to prefixes. Smart Poster Text and URIs 20
21 Decimal Hex Protocol 0 0x00 N/A. No prepending 1 0x x x x x05 tel:// 11 0x0B smb:// 12 0x0c nfs:// 13 0x0d ftp:// 27 0x1B tcpobex:// x23 0xFF RFU Section of NFCForum URI 1.0 spec 21
22 D1 01 0D B FE D1: record begin 01: length of payload length 0D: payload length 55: payload type (URI) 05: payload identifier (tel:// prefix) 2B->37: payload ( ) FE: terminal value character 22
23 Google Tags Application crash* NDEF Stack built in to Android * On Gingerbread. Java level parsing crash, not exploitable 23
24 Phone Hardware Radio (ISO 14443) Phone OS Software Protocol: APDU, SNEP Data: NDEF Market Applications Foursquare, DoubleTwist, PayPal, Park Mobile, etc 24
25 Collin Mulliner ( Python code for working with Nokia 6313 NFC and Nokia 6212 Classic Francois Kooman, Roel Verdult Using NFC to trigger bluetooth and file transfers Nick von Dadelszen - ( Kiwicon Mobile point of sales reader w/ RFIDOIT 25
26 Messing with posters Access control set? Read-only option? Physical protection? 26
27 27
28 Countermeasures Altering data Use write locking or access control Zapping/DoS??? Counterfeit tags NFC Signature Record Type Definition Technical Specification Each record is signed Issues with Franken-tags, cloning, signature-checking... White-list of UIDs Mgmt pains 28
29 Blackberry requires two clicks to open URL 29
30 Push for Zero Click NFC integration Some URIs require no user interaction Contacts, URLs, Market Beam data from device to device Pass NDEF messages instead of emulating tags Simple NDEF Exchange Protocol (SNEP) 30
31 What if the user does not need to click, only tap? 31
32 Register a detailed intent filter in the app s AndroidManifest.xml No interaction needed when scanning a URL with What prevents a malicious application from also requesting this intent? 32
33 We can craft our own icon and title for our registered intent filter Can you tell which is the real maps application? NOTE: See Android Application Records, introduced in Android 4.0 (API level 14) for countermeasure 33
34 AAR from Google: If no application can start with the AAR, go to the Android Market to download the application based on the AAR. Set Android Application Record Our application in the market Add our own tag (Bigger! On the front!) Successfully phished! 34
35 The tag: NDEF URL Record: AAR: com.porkmobile The app: Webview to our server Collect: credit cards, logins, etc Countermeasures: In Google s market 35
36 Developing an app accepting NDEF data? Treat the NDEF data as untrusted. Validate like any user supplied data. Example: Foursquare added NFC check-ins. ueid= &venuename=time% 20Square%20New%20York 36
37 VenueID was not validated to match VenueName before check-in was submitted Can t trust tag data Fixed in version: removed NFC check-in Collin NinjaCon
38 Don t blindly pass a URL (or data) from a tag What if Intent filter api.foursquare.com Your user is persistently logged in Expect But get api.foursquare.com/account/addfriend?userid=666 api.foursquare.com/redirect?domain= Is your authentication token added to the URL? 38
39 ERROR/VenueActivity(536): java.lang.illegalargumentexception: Illegal character in path at index 42: ww.evil.com?oauth_token=4cxotla50whdkoju GS4GQQ1XBINTPX5DSCFSRVARFH5YXE0O&v=
40 NFCShortcuts app on Blackberry never writes to the tags Triggers based of UID Limits the attack surface 40
41 41
42 NFC as a privacy concern? Smartphone has all the megabits anyway, right? Can be as good as GPS data Reading a UID at a specific time, may put you at a specific location Transaction data at a Point of Sales could be sensitive (you spent how much where?) Who your friends are (or what devices your friends have) 42
43 Reading an NFC tag generates an intent seen in logcat, but not recorded to file system Default Tags app Stores tag and timestamp /data/data/com.google.android.tag/databases/tags.db 43
44 Data can be left behind on tags from previous writes Make sure to zero out or format used tag NDEF terminal value character, length fields Have to read sector by sector 44
45 45
46 How do you protect credit card info on your phone from other software listening for NFC tags? droid dream like malware and other rooted applications? a stolen device? 46
47 Yo Dawg, I heard you like computers Runs a base operating system Embedded applications Simple communication interface Strong crypto and access control Pre-shared key known to the SE owner Even if your device is rooted, you won t have full access to the SE 47
48 From the NFC Antenna Be within the physical NFC range From other apps Signed with NFCR or RESE keys on BB Signed by Google* * Unless rooted device or 3 rd party SE 48
49 APDU - Application Protocol Data Unit (ISO7816-4) Defines the communication between OS applications to applets in the Secure Element BH08 - Ivan Buetler SmartCard APDU Analysis Google Wallet Example send: 00 A bytes (SELECT [default CardManager]) recv: 6F A OK 49
50 Free $10 for contactless payments Early build - lots of debug code BS Bank <- Debug Menu ViaForensics post stored data Can work on a NS 4G or NS or Galaxy Nexus (thanks XDA!) Non-root builds means signed by Google a-brave-new-wallet-first-look-at-decompiling-google-wallet/ 50
51 Zvelo team disclosed Google Wallet PIN is not stored in the secure element Physical access of the device needed for abuse On a rooted device The PIN can be brute forced (10,000 possibilities < 5 sec) 51
52 Don t trust your user-land application Keep payment secrets in the secure element Keep lockout counts in the secure element Do sensitive operations in the secure element Pin verification Treat the bus to the secure element as insecure Hidden APDUs will be found By monitoring or fuzzing 52
53 What about a Tap attack with a compromised point of sales reader? Pablos Holman s boingboing type use the reader hack 53
54 For Android: The NFC antenna in your phone is only activated when the screen is powered on * * For Google Nexus devices, although some NFC chips may work in low power or no power modes. 54
55 Blackberry w/ NFC: The default is to ALLOW card emulation when LOCKED or POWERED OFF! * * The BB Device does not appear to read or take actions on tags in locked or powered off modes 55
56 Holman s tap works to grab your own Google Wallet number if your device is on, unlocked, passcode entered, and before it times out ie: good countermeasures against IRL attacks 56
57 Positives Can disable the radio (can t turn off physical cards) GPS to find my credit card Easier to see transaction history Or current balances Gives you more security control than physical cards Device passcode 57
58 NFC: it can be another vector to mobile devices and apps Developers beware! Untrusted data! Pen-Testers: It s just getting started Questions? Thank you to: Jason IG, Stevens Our 58
Practical Attack Scenarios on Secure Element-enabled Mobile Devices
Practical Attack Scenarios on Secure Element-enabled Mobile Devices Michael Roland University it of Applied Sciences Upper Austria,, Austria 4 th International Workshop on Near Field Communication 13 March
More informationNFC is the double click in the internet of the things
NFC is the double click in the internet of the things Name Frank Graeber, Product Manager NFC Subject 3rd Workshop on RFID Systems and Technologies Date 12.06.2007 Content NFC Introduction NFC Technology
More informationMobile Security Fall 2014
Mobile Security Fall 2014 Patrick Tague Class #8 NFC & Mobile Payment 1 Announcements Reminder: first group of SoW presentations will be today, starting ~1/2 way through class Written SoW is a separate
More informationCh 9: Mobile Payments. CNIT 128: Hacking Mobile Devices. Updated
Ch 9: Mobile Payments CNIT 128: Hacking Mobile Devices Updated 4-24-17 Current Generation Scenarios Mobile banking apps NFC-based or barcode-based payment apps used by consumers to purchase goods Premium-rated
More informationRelay Attacks on Secure Elementenabled
Relay Attacks on Secure Elementenabled Mobile Devices Virtual Pickpocketing Revisited Michael Roland University of Applied Sciences Upper Austria,, Austria SEC2012 IFIP International Information Security
More informationDEFCON 26 - Playing with RFID. by Vanhoecke Vinnie
DEFCON 26 - Playing with RFID by Vanhoecke Vinnie 1. Contents 2. Introduction... 3 3. RFID Frequencies... 3 Low frequency... 3 High frequency... 3 Ultra-high frequency... 3 4. MIFARE... 4 MIFARE Classic...
More informationNear Field Comunications
Near Field Comunications Bridging the Physical and Virtual Worlds This is going to get interesting! Ash@YLabz.com Siamak Ashrafi NFC Definition Near field communication, or NFC, is a set of short-range
More informationNFC Redux. Presenter: Nick von Dadelszen Date: 17 th November 2012 Company: Lateral Security (IT) Services Limited
NFC Redux Presenter: Nick von Dadelszen Date: 17 th November 2012 Company: Lateral Security (IT) Services Limited Company Lateral Security (IT) Services Limited Company Overview Founded in April 2008 by
More informationAttacks on NFC enabled phones and their countermeasures
Attacks on NFC enabled phones and their countermeasures Arpit Jain: 113050028 September 3, 2012 Philosophy This survey explains NFC, its utility in real world, various attacks possible in NFC enabled phones
More informationNear Field Communication: IoT with NFC. Dominik Gruntz Fachhochschule Nordwestschweiz Institut für Mobile und Verteilte Systeme
Near Field Communication: IoT with NFC Dominik Gruntz Institut für Mobile und Verteilte Systeme NFC Experience at FHNW 2005/06 First NFC demonstrator (with Siemens CX70 Emoty) NFC was included in a removable
More informationBluetooth mobile solutions APPLICATION NOTE / FAQ. Page 1 on 24
Bluetooth mobile solutions APPLICATION NOTE / FAQ Page 1 on 24 Table of Contents I. Introduction... 5 II. Bluetooth Smart technology General principles... 5 III. Frequently Asked Questions... 5 A. STid
More informationSecure Element APIs and Practical Attacks on Secure Element-enabled Mobile Devices
Secure Element APIs and Practical Attacks on Secure Element-enabled Mobile Devices Michael Roland University it of Applied Sciences Upper Austria,, Austria WIMA 2012 NFC Research Track 11 April 2012, Monaco
More informationIntroduction to NFC.
Introduction to NFC robertportvliet@foundstonecom Twitter: @rportvliet Overview Introduction Hardware Software Attacks NFC Introduction What is NFC? Near Field Communication Set of standards for mobile
More informationLeveraging the full potential of NFC to reinvent physical access control. Friday seminar,
Leveraging the full potential of NFC to reinvent physical access control Wireless@KTH Friday seminar, 2012-08-31 NFC (Near Field Communication) A new radio communication technology for mobile phones Uses
More informationDigital Signature Records for the NFC Data Exchange Format
Digital Signature Records for the NFC Data Exchange Format Michael Roland Upper Austria University of Applied Sciences,, Austria 2 nd International Workshop on Near Field Communication 20 April 2010, Monaco
More informationNear Field Communication Security
Near Field Communication Security Thomas Patzke 22.04.2015 Who am I... Thomas Patzke (formerly Skora) Who am I... Thomas Patzke (formerly Skora) Started with security related topics somewhere in the 90s
More informationOverview RFID-Systems
Overview RFID-Systems MSE, Rumc, RFID, 1 References [1] Klaus Finkenzeller, RFID-Handbuch, 5. Auflage, Hanser, 2008. [2] R. Küng, M. Rupf, RFID-Blockkurs, ergänzende MSE-Veranstaltung, ZHAW, 2009. [3]
More informationFundamentals of Near Field Communication (NFC) Tvrtko Barbarić NXP Semiconductors
Fundamentals of Near Field Communication (NFC) Tvrtko Barbarić NXP Semiconductors Automotive Identification Wireless Infrastructure Lighting Industrial Mobile Consumer Computing Global player with local
More informationLet s Hack NFC. How does NFC work? How could we hack it? Where are the weaknesses? What are the security implications?
Geoffrey Vaughan Let s Hack NFC How does NFC work? How could we hack it? Where are the weaknesses? What are the security implications? Security Compass and NFC Currently we are devoting a lot of energy
More informationHow to NFC. Nick Pelly & Jeff Hamilton May 10 th, feedback: hashtags: #io2011 #Android questions:
How to NFC Nick Pelly & Jeff Hamilton May 10 th, 2011 feedback: http://goo.gl/syzqy hashtags: #io2011 #Android questions: http://goo.gl/mod/ekbn Agenda What is NFC Why use NFC How to NFC 101 How to NFC
More informationGreen Receipt Dispenser. NFC User Guide VERSION 0.1 MIRANO.
Green Receipt Dispenser NFC User Guide VERSION 0.1 MIRANO www.mirano.ca System Requirements/How It Works System Requirements ACR1222L VisualVantage NFC Reader with LCD. ACR1222L Smartcard drivers from
More informationLinux NFC Subsystem. Lauro Ramos Venancio Samuel Ortiz 2011, September 9th
Lauro Ramos Venancio Samuel Ortiz 2011, September 9th What is NFC? NFC means Near Field Communication It is a short-range wireless communication It operates at 13.56 MHz Data rates from 106 kbits/s to
More informationThe State of Android Near Field Communication Jonas Estberger Bespoke Code
The State of Android Near Field Communication 2010 Jonas Estberger Bespoke Code Introduction Scope With Android version 2.3 (Gingerbread) Google introduced Near Field Communication (NFC) support. This
More informationBeyond Payment: Secure NFC applications and their relation to RFID
Powering the trusted identities of the world s people, places & things Beyond Payment: Secure NFC applications and their relation to RFID Richard Aufreiter, Director Product Management - IDT June 27, 2017
More informationNFC Lab Michel Simatic
Michel Simatic 15/01/2015 Table of contents RFID versus NFC High level interactions with tags Touchatag (Tikitag) / Mir:ror Smart posters Low level interactions with tags Card readers Tags Medium level
More informationSecurity in NFC Readers
Security in Readers Public Content and security, a different kind of wireless Under the hood of based systems Enhancing the security of an architecture Secure data exchange Information security goals Cryptographic
More informationHacking new NFC cards
Hacking new NFC cards NTAG2x, Ultralight EV1/C, Desfire EV2, ISO-15693, meal EMV cards abyssal see #brmlab IRC for contact 6.12.2018 New cards Mifare Ultralight C, Ultralight EV1 descendant of simple Ultralight
More informationSecurity Vulnerabilities of the NDEF Signature Record Type
Security Vulnerabilities of the NDEF Signature Record Type Michael Roland Upper Austria University it of Applied Sciences,, Austria 3 rd International Workshop on Near Field Communication 22 February 2011,,
More informationChapter 2 Basics. 2.1 Smartcards. This chapter summarizes basic concepts of smartcards, Near Field Communication (NFC) and payment cards.
Chapter 2 Basics This chapter summarizes basic concepts of smartcards, Near Field Communication (NFC) and payment cards. 2.1 Smartcards Smartcards are identification cards equipped with a microchip (integrated
More informationRFID & NFC. Erik Poll. Digital Security Radboud University Nijmegen
RFID & NFC Erik Poll Digital Security Radboud University Nijmegen 1 RFID tags RFID = Radio-Frequency IDentification RFID devices are called tags or transponders More powerful RFID tags also called contactless
More informationEvaluation of the feasible attacks against RFID tags for access control systems
Evaluation of the feasible attacks against RFID tags for access control systems Hristo Dimitrov & Kim van Erkelens University of Amsterdam February 4, 2014 1 / 20 Contents 1 Introduction 2 Background 3
More informationAdversary Models. CPEN 442 Introduction to Computer Security. Konstantin Beznosov
Adversary Models CPEN 442 Introduction to Computer Security Konstantin Beznosov why we need adversary models? attacks and countermeasures are meaningless without 2 elements of an adversary model objectives
More informationRFID tags. Inductive coupling is used for. energy transfer to card transmission of clock signal data transfer
RFID 1 RFID tags RFID = Radio-Frequency IDentification RFID devices are called tags or transponders More powerful RFID tags can be called (contactless) smartcards Inductive coupling is used for energy
More informationThe COMPLETE GUIDE NFC VERSION 1.0 PUBLISHED 09/13/18
The COMPLETE GUIDE to NFC VERSION 1.0 PUBLISHED 09/13/18 TABLE of CONTENTS 03 15 WHAT IS NFC 04 Form Factors 05 Tech Specs 06 Scanning and Interactivity GETTING STARTED 07 08 09 iphone Android Popularity
More informationNFC Equipped Smartphones
NFC Equipped Smartphones A two-edged sword for library RFID systems VALA Conference 2014 www.sybis.com.au NFC equipped Smartphones NFC Card Emulation Mode Near Field Communications n A form of RFID contactless
More informationRFID DEFCON 26 Vinnie Vanhoecke Lorenzo Bernardi
RFID Workshop @ DEFCON 26 Vinnie Vanhoecke Lorenzo Bernardi Page 1 Content Introduction RFID theory Basics Tools Protocols Mifare Challenges Page 2 RFID basics RFID theory: RFID basics RFID = Radio Frequency
More informationSupports ISO14443A Mifare Classic 1K, Mifare Classic 4K, Mifare Ultralight. Fast data transfer - Contactless communication up to 106 KHz
SM132-USB 13.56 MHz RFID Mifare Read / Write USB Module DATA SHEET Complete Read/Write module including antenna Supports ISO14443A Mifare Classic 1K, Mifare Classic 4K, Mifare Ultralight USB Interface
More informationAN MIFARE Type Identification Procedure. Application note COMPANY PUBLIC. Rev August Document information
Document information Info Content Keywords, 14443 Abstract This document describes how to differentiate between the members of the card IC family. 14443-3 describes the initialization and anti-collision
More informationSecure Elements 101. Sree Swaminathan Director Product Development, First Data
Secure Elements 101 Sree Swaminathan Director Product Development, First Data Secure Elements Secure Element is a tamper resistant Smart Card chip that facilitates the secure storage and transaction of
More informationNEAR FIELD COMMUNICATION
NEAR FIELD COMMUNICATION (GUIDED BY:MISS ANUJA V NAIR) BY: REJOY MENDEZ ROLL NO:24 S7 ECE OVERVIEW INTRODUCTION FEATURES OF NFC TECHNOLOGICAL OVERVIEW COMPARISON WITH OTHER TECHNOLOGY SECURITY ASPECTS
More informationTopics. Ensuring Security on Mobile Devices
Ensuring Security on Mobile Devices It is possible right? Topics About viaforensics Why mobile security matters Types of security breaches and fraud Anticipated evolution of attacks Common mistakes that
More informationNFC ESSENTIALS JORDI JOFRE NFC EVERYWHERE MARCH 2018 PUBLIC
NFC ESSENTIALS JORDI JOFRE NFC EVERYWHERE MARCH 2018 PUBLIC Learn all about NFC Session I, 15th March NFC applications and use cases https://attendee.gotowebinar.com/rt/1059402932312036099 Session II,
More informationSecurity of NFC payments
Security of NFC payments Olga Korobova Department of Computer Science University of Massachusetts Amherst Abstract Our research objective was to examine the security features implemented by the bank cards
More informationMultifunctional Identifiers ESMART Access
AIR TAG Multifunctional Identifiers ESMART Access Contents ESMART Access technology 4 Key advantages of ESMART Access 6 Multifunctional identifiers ESMART Access 8 AIRTAG RFID keyfobs 9 Silicone RFID
More informationRD200/300 TOOL OPERATION MANUAL V02.06
RD200/300 TOOL OPERATION MANUAL V02.06 Installation... 2 Driver installation (For change to virtual COM port mode)... 3 Common Setting... 4 Auto Read (13.56 MHz only)... 9 NTAG/Ultralight (13.56 MHz only)...
More informationACR1255 NFC Bluetooth Smart Card Reader
ACR1255 NFC Bluetooth Smart Card Reader User Manual V1.00 Name Signature Date Prepared by: Tommy Wong 2015-05-28 Reviewed by: Approved by: Subject to change without prior notice Table of Contents 1.0.
More informationACR1251U-A1 USB NFC Reader with SAM Slot
ACR1251U-A1 USB NFC Reader with SAM Slot Technical Specifications V1.05 Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Typical Applications... 5
More informationSession 2: Understanding the payment ecosystem and the issues Visa Europe
Session 2: Understanding the payment ecosystem and the issues Visa Europe Agnes Revel Martineau VP, Head of Product Specifications, Standards and Industry Liaison ETSI 01st, July, 2014 Agenda You said
More informationISO / NFC Standards and Specifications Overview. NFC/RFID Training Module #1 (2014) S2 MCU NFC/RFID Applications Team
ISO / NFC Standards and Specifications Overview NFC/RFID Training Module #1 (2014) S2 MCU NFC/RFID Applications Team HF RFID ISO STANDARDS HF RFID ISO Standards Overview The main worldwide accepted High
More informationCh 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated
Ch 1: The Mobile Risk Ecosystem CNIT 128: Hacking Mobile Devices Updated 1-12-16 The Mobile Ecosystem Popularity of Mobile Devices Insecurity of Mobile Devices The Mobile Risk Model Mobile Network Architecture
More informationACR1255U-J1 Secure Bluetooth NFC Reader
ACR1255U-J1 Secure Bluetooth NFC Reader Technical Specifications V1.07 Subject to change without prior notice Table of Contents 1.0. Introduction... 3 1.1. Smart Card Reader... 3 1.2. Compact Design...
More informationABOUT CIVINTEC PLATFORM PRODUCT RANGE CIVINTEC GLOBAL. World Leading OEM/ODM Designer & Manufacturer
CIVINTEC GLOBAL 01 World Leading OEM/ODM Designer & Manufacturer ABOUT CIVINTEC CIVINTEC is the world leading designer and manufacturer of smart card terminals and devices, established in 2006 and focusing
More informationHAKI-NFC BASED ANDROID APPLICATION
HAKI-NFC BASED ANDROID APPLICATION JAIKISHAN KHATWANI 1, ABHISHEK SINGH 2, HRISHIKESH RANGDALE 3, KAMLESH JUWARE 4 & ISHAN ALONE 5 1,2,3,4&5 Department of Information Technology, Mumbai University, FR.
More informationRD200/300 TOOL OPERATION MANUAL V02.10
RD200/300 TOOL OPERATION MANUAL V02.10 Model description... 2 Installation... 3 Driver installation (For change to virtual COM port mode)... 4 Common Setting... 5 Auto Read (13.56 MHz only)... 10 NTAG/Ultralight
More informationNFC Payments: The Art of Relay & Replay Attacks. Salvador Mendoza August 14, 2018
1 NFC Payments: The Art of Relay & Replay Attacks Salvador Mendoza August 14, 2018 2 Disclaimer This white paper is a shortened version of the actual research. Unfortunately, some techniques and exploitation
More informationANDROID PRIVACY & SECURITY GUIDE ANDROID DEVICE SETTINGS
ANDROID PRIVACY & SECURITY GUIDE WESNET The Women s Services Network Smartphones store a lot of personal information, including email or social media accounts, reminders and notes, the number of steps
More informationACR1251U-A1 USB NFC Reader with SAM
ACR1251U-A1 USB NFC Reader with SAM Application Programming Interface V1.00 Subject to change without prior notice Table of Contents 1.0. Introduction... 4 2.0. Features... 5 3.0. Architecture... 6 4.0.
More informationACR122U SAM NFC Reader. Application Programming Interface
Application Programming Interface ACR122U SAM NFC Reader Table of Contents ACR122T Application Programming 1.0 Introduction 3 1.1 Features 3 1.2 USB Interface 3 2.0 Communication between the Driver, Contactless
More informationACR128U Dual- Interface Reader
ACR128U Dual- Interface Reader Technical Specifications Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Typical Applications... 5 4.0. Technical
More informationAlpha Scanner Pro User manual
WWW.MYALPHALABS.COM Alpha Scanner Pro User manual myalphalabs, #105, 1 st Floor, Meenaakshi Paradise Apartment, 2 nd Main, 3 rd Block, Hosapalya Main Road, Yellukunte. Bangalore, INDIA. Pin Code 560068.
More informationACR120 Contactless Reader/Writer
ACR120 Contactless Reader/Writer Technical Specifications Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Typical Applications... 5 4.0. Technical
More informationMobile Contactless Technology Backgrounder
Mobile Contactless Technology Backgrounder June 2011 1. In2Pay TM microsd architecture... 3 2. In2Pay microsd basic features... 4 3. Differences between In2Pay v2.0 and v2.6... 5 4. Support for full NFC
More informationTale of a mobile application ruining the security of global solution because of a broken API design. SIGS Geneva 21/09/2016 Jérémy MATOS
Tale of a mobile application ruining the security of global solution because of a broken API design SIGS Geneva 21/09/2016 Jérémy MATOS whois securingapps Developer background Spent last 10 years working
More informationWho we are. Eagle1753 (aka Matteo Beccaro) bughardy. (aka Matteo Collura)
Who we are bughardy Eagle1753 (aka Matteo Beccaro) (aka Matteo Collura) bughardy@cryptolab.net eagle1753@onenetbeyond.org Italian student with passion of IT, networking and pentesting. In 2013 ended his
More informationHCE security implications. Analyzing the security aspects of HCE
HCE security implications Analyzing the security aspects of HCE January 8th, 2014 White paper - HCE security implications, analyzing the security aspects of HCE HCE security implications About the authors:
More informationACR120 Technical Specifications Version 4.00
Datenblatt / Specifications ACR120 Contactless Reader/Writer Otto-Hesse-Straße 19 / T5 D-64293 Darmstadt Phone +49 6151 9926567 Fax +49 6151 3689296 1.0 Introduction The ACR120 is a compact and cost-effective
More informationACR1281U-C2. Card UID Reader. Reference Manual Subject to change without prior notice.
ACR1281U-C2 Card UID Reader Reference Manual 1.01 Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Typical Applications... 5 4.0. Reference Documents...
More informationURI Record Type Definition. Technical Specification NFC Forum TM RTD-URI 1.0 NFCForum-TS-RTD_URI_
URI Record Type Definition Technical Specification NFC Forum TM RTD-URI 1.0 NFCForum-TS-RTD_URI_1.0 2006-07-24 RESTRICTIONS ON USE This specification is copyright 2005-2006 by the NFC Forum, and was made
More informationGOOGLE WALLET. Hardik Mangukiya ABSTRACT INDIA
GOOGLE WALLET Hardik Mangukiya INDIA ABSTRACT Over the past few thousand years of evolution, the way we pay has changed shapes and materials. It has gone from gold to coins, paper money to plastic cards
More informationApplication Programming Interface
Application Programming Interface ACR122 NFC Reader Advanced Card Systems Ltd. Website: www.acs.com.hk Email: info@acs.com.hk Table of Contents 1.0 Introduction...3 1.1 Features...3 1.2 USB Interface...3
More informationNFC embedded microsd smart Card - Mobile ticketing opportunities in Transit
NFC embedded microsd smart Card - Mobile ticketing opportunities in Transit July 2017 By: www.smk-logomotion.com Introduction Presentation is describing NFC enabled microsd smart card (LGM Card) Technical
More informationMobile Access is the Killer App The Path to Flexible, Secure Credentials Brandon Arcement Senior Director, Product Marketing April 8, 2019
Powering the trusted identities of the world s people, places & things Mobile Access is the Killer App The Path to Flexible, Secure Credentials Brandon Arcement Senior Director, Product Marketing April
More informationAndroid Samsung Galaxy S6 Edge
Android 6.0.1 Samsung Galaxy S6 Edge Access your quick menu by using two fingers to pull down the menu from the top-center of the screen. You can use this to quickly turn your Wi-Fi, Location, Bluetooth,
More informationJMY607H User's Manual
JMY607H User's Manual (Revision 3.42) Jinmuyu Electronics Co. LTD 2011/6/27 Please read this manual carefully before using. If any problem, please mail to: Jinmuyu@vip.sina.com Contents 1 Product introduction...
More informationSoftware Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare?
Software Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare? Michael Roland NFC Research Lab Hagenberg University of Applied Sciences Upper Austria Softwarepark 11, 4232
More informationImproving the Student Experience with a Unified Credential. Jeff Staples VP Market Development Blackboard Transact
Improving the Student Experience with a Unified Credential Jeff Staples VP Market Development Blackboard Transact 93% High school students who say campus technology is a key factor in their college selection
More informationDesign of an Automatic Fare Collection System Using Near Field Communication with Focus on Indian Metrorail
International Journal of Engineering Research and Development e-issn: 2278-067X, p-issn: 2278-800X, www.ijerd.com Volume 10, Issue 4 (April 2014), PP.20-24 Design of an Automatic Fare Collection System
More information3. Why should I use Samsung Pay instead of my physical cards?
Overview 1. What is Samsung Pay? Samsung Pay is a secure and easy-to-use mobile payment service which can be used to make purchases almost anywhere. Leveraging a new proprietary technology called Magnetic
More informationSmart Card meets Connectivity New Opportunities in Mobile Business with NFC Technology. Smart Card Alliance2005 Fall Annual Conference Martin Bührlen
Smart Card meets Connectivity New Opportunities in Mobile Business with NFC Technology Smart Card Alliance2005 Fall Annual Conference Martin Bührlen Agenda NFC Technology Use Cases Implications for the
More informationAdvanced. Card. Systems. Ltd. by Eric Lee. June, Advanced Card Systems Ltd. Room 2910, The Center, 99 Queen's Road Central, Hong Kong.
Advanced Card Systems Ltd. by Eric Lee June, 2004 1 2 What is a Contactless Smart Card? A kind of Smart Card which can be accessed without electrical contact A type of RFID tag What is RFID (Radio Frequency
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationSoftware Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare?
Software Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare? Michael Roland University of Applied Sciences Upper Austria,, Austria IWSSISPMU2012 International Workshop on
More informationmifare DESFire Contactless Multi-Application IC with DES and 3DES Security MF3 IC D40 INTEGRATED CIRCUITS Objective Short Form Specification
INTEGRATED CIRCUITS mifare DESFire Contactless Multi-Application IC with DES and 3DES Security MF3 IC D4 Objective January 23 Revision 1.1 PUBLIC Philips Semiconductors CONTENTS 1 FEATURES...3 1.1 RF Interface:
More informationApplication Interface. ACR122T NFC Reader Token. idvation GmbH Otto-Hesse-Straße 19 / T5 Phone D Darmstadt Fax
Application Interface ACR122T NFC Reader Token Otto-Hesse-Straße 19 / T5 Phone +49 6151 9926567 Table of Contents 1. Introduction... 4 1.1. USB Interface... 4 2. Implementation... 5 2.1. Communication
More informationPrepaid Energy System
Prepaid Energy System Group 21 Youssef Ojeil (EE) Michael Cuervo (EE) MD.S. Rahaman (EE) Sahin Okur (EE) Sponsored by: Supervised by Dr. Chung-Yong Chan Goals and Objectives Alternative pre-paid solution
More informationAET62 NFC Reader. Reference Manual. Subject to change without prior notice
AET62 NFC Reader Reference Manual Subject to change without prior notice Table of Contents 1.0. Introduction... 5 2.0. AET62 Contactless Smart Card Reader... 6 2.1. USB Interface...6 3.0. Implementation...
More informationJMY501H User's Manual
JMY501H User's Manual (Revision 3.42) Jinmuyu Electronics Co. LTD 2011/6/27 Please read this manual carefully before using. If any problem, please mail to: Jinmuyu@vip.sina.com Contents 1 Product introduction...
More informationRFID A1 Module User Manual V1.183
RFID A1 Module User Manual V1.183 Table of Contents 1 Introduction... 4 1.1 Device Overview... 4 1.2 Pinout... 5 1.3 Application... 6 2 Electrical Characteristics... 7 2.1 Test Conditions... 7 2.2 Absolute
More informationNFC USE CASES FOR INDUSTRIAL APPLICATIONS. December 2016
NFC USE CASES FOR INDUSTRIAL APPLICATIONS December 2016 Agenda Session 1 st December: NFC use cases for industrial applications NFC technology essentials NFC Forum specifications Application examples NFC
More informationAuthentication Technologies
Authentication Technologies 1 Authentication The determination of identity, usually based on a combination of something the person has (like a smart card or a radio key fob storing secret keys), something
More informationA Proposed e-payment Service for Visually Disabled
IJCSNS International Journal of Computer Science and Network Security, VOL.17 No.5, May 2017 253 A Proposed e-payment Service for Visually Disabled Gamal H. Eladl 1 1 Information Systems Department, Faculty
More informationMobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing
Mobile Malfeasance Exploring Dangerous Mobile Code Jason Haddix, Director of Penetration Testing Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
More informationPN532 NFC RFID Module User Guide
PN532 NFC RFID Module User Guide Version 3 Introduction NFC is a popular technology in recent years. We often heard this word while smart phone company such as Samsung or HTC introduces their latest high-end
More informationIdesco OEM modules. Compact Module: 40,9 x 39,0 mm. Module: 72 x 37,8 x18 mm. 125 khz Prox. 13,56 MHz UID. MIFARE DESFire. MIFARE DESFire LEGIC - 1 -
: Compact : 40,9 x 39,0 mm 125 khz Prox 13,56 MHz UID LEGIC - 1 - 7 AH EM4102, Sokymat Unique, Hitag2, HIDProx RS-232, Wiegand, USB, Clock&Data, USB Hi on request. 2 FET outputs, 1 General purpose input
More informationST25TV product presentation. June 2018
ST25TV product presentation June 2018 ST25TV512 / 02K Product 2 The ST25TV chip belongs to ST25 NFC / RFID Tags & Readers family ST25TV is the natural evolution of LRI2K series The ST25TV512 / ST25TV02K
More informationKey Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge
Key Threats Internet was just growing Mail was on the verge Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering Key Threats Code Red and Nimda (2001), Blaster (2003), Slammer
More informationACR1252U. NFC Forum Certified Reader. Technical Specifications V1.03. Subject to change without prior notice.
ACR1252U NFC Forum Certified Reader Technical Specifications V1.03 Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Typical Applications... 5 4.0.
More informationSecurity Philosophy. Humans have difficulty understanding risk
Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy
More informationRegistering a Card and Creating an Account on
Installing MyCardRules The MyCardRules App is available for both iphones and Android phones. To install MyCardRules: 1. Search for the app in the App Store or on Google Play. 2. Follow the instructions
More informationNFC Technology Overview Jonathan Main MasterCard Worldwide Chairman, Technical Committee
NFC Technology Overview Jonathan Main MasterCard Worldwide Chairman, Technical Committee September 2009 Agenda Review of Use Cases Architecture Overview Relationship to Other Standards Status of NFC Forum
More information